DETAILED ACTION
Response to Amendment 

1. Applicant's amendments with respect to amended claims 1-4, 6, 7-11, 15-18 and 
22 have been accepted. Therefore claims 1 - 22 are still pending. 

2. The rejections of claims 4 and 6 under 35 USC § 112, second paragraph have been 
dutifully overcome and therefore withdrawn. 

3. Applicant has also overcome the objections of claims 4, 11 and 18; therefore the 
objection is withdrawn. 

Response to Arguments 

4. Applicant's arguments filed 02/06/07 have been fully considered but they are not 
persuasive. With regard to claim 1, it is Applicant's assertion that Benson does not teach 
"responsive to matching an entry in an access control list of a specific resource with credentials 
of a process, granting a security identifier given by the access control list to the process, 
wherein the security identifier has no meaning outside of being used to make an access 
decision for the specific resource..." The Examiner respectfully disagrees. Benson et al. 
discloses a system identifier being verified against a system directory of a resource to determine 
its validity. After the identifier is validated, the user must then pass a security test. The user 
must not only have a valid association with the requested resource but must also possess a 
security identifier (e.g. permission level) for the desired resource in order to be granted access, 
otherwise a negative access decision would result (see column 3, lines 49 - 67). Since the 
Examiner believes "matching an entry" to be equivalent to "associating an entry", therefore 
Benson et al. is relevant to Applicant's claimed invention. 

As for claim 2, Applicant argues that Benson does not teach "adding the security 
identifier to the credentials of the process to form an object access identifier, wherein the object 
access identifier is granted based on a path of execution." Benson et al. discloses that an 
association is made between a system identifier and resource-specific identifier if a security test 
is passed (see column 3, lines 59 - 60). As such the Examiner believes the resources-specific 
identifier to be equivalent to an object access identifier since the user's security component and 
credentials have already been processed, therefore Benson et al. is relevant to Applicant's 
claimed invention. 

For claim 3, Applicant states that Benson fails to teach granting a security identifier to a 
process based on an identity of the process and a second process invoked by the process. The 
Examiner respectfully disagrees. Benson et al. teaches that user entered system identifier is 
validated then a security test must be passed to continue processing (column 3, lines 50 - 55). 
The system identifier along with a passed security test, initiate the process for requesting 
access to a specific resource within the system (see column 3, lines 57 - 60). 

As for claim 7, the Applicant asserts that Benson fails to teach "comparing a second 
entry in the access control list with the credentials of the process; and responsive to the second 
entry matching the security identifier in the credentials of the process, generating an access 
decision that grants the process access to the specific resource, wherein the security identifier 
is a right in an access control list..." Benson discloses that a system identifier and process- 
specific identifier are associated as valid before a grant access decision is determined (see 
Abstract). The Examiner believes the resource specific identifier to be equivalent to a second 
entry of Applicant's claimed invention since it is after this comparison and authorization is 
processed that an access determination based on user rights (i.e. permission level) is made 
(see column 4, lines 1-9). 

Applicant's arguments with regard to limitations of claim 1 and similar claims 8, 15 and 
22 are rejected based on analogous rationale; associated dependent claims are also rejected by 
virtue of dependency. 

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

5. Claims 1 - 22 are rejected under 35 U.S.C. 102(b) as being anticipated by Benson et al. 
in US Patent No. 5867646 (hereinafter US '646). 

6. For claim 1 and similar claims 8, 15 and 22, US '646 discloses a method and apparatus 
for data processing system for managing access to resources, the method and apparatus 
comprising: responsive to matching an entry in an access control list of a specific resource with 
credentials of a process, granting a security identifier given by the access control list to the 
process, wherein the security identifier has no meaning outside of being used to make an 
access decision for the specific resource; and responsive to the process requesting access to 
the specific resource, generating the access decision based on the security identifier, (see 
Abstract; Figure 2; column 1, line 52 - column 2, lines 1 - 30) 

For claim 2 and similar claim 9, US '646 teaches: 
wherein granting a security identifier given by the access control list to the process further 
comprises: 

adding the security identifier to the credentials of the process to form an object access 
identifier, wherein the object access identifier is granted based on a path of execution, (see 
column 3, lines 48 - 50; Figure 2) 

For claim 3 and similar claim 10, US '646 teaches: 
wherein granting a security identifier given by the access control list to the process further 
comprises: 

adding the security identifier to the credentials of the process to form an object access 
identifier, wherein the object access identifier is granted based on an identity of the process and 
a second process invoked by the process, (see column 3, lines 49 - 64) 

For claim 4 and similar claim 11, US '646 teaches: 
wherein granting a security identifier given by the access control list to the process further 
comprises: setting the security identifier in an access control list operation, (see column 3, lines 
4 - 8, 15 - 20 and 24 - 27) 

For claim 5 and similar claim 12, US '646 teaches: 
changing the security identifier in response to the process invoking a selected resource, (see 
column 3, lines 61 - 64) 

For claim 6 and similar claim 13, US '646 teaches: 
wherein granting a security identifier given by the access control list to the process further 
comprises: 

using the security identifier as an identity in an access control list to identify a right to the 
specific resource, (see column 4, lines 1 - 8; Figure 2 - 3) 

For claim 7 and similar claim 14, US '646 teaches: 
wherein the entry in the access control list is a first entry and wherein generating the access 
decision based on the security identifier further comprises: 

comparing a second entry in the access control list with the credentials of the process; and 
responsive to the second entry matching the security identifier in the credentials of the process, 
generating an access decision that grants the process access to the specific resource, wherein 
the security identifier is a right in an access control list, (see column 4, lines 1 - 8; Figure 2-3) 

Conclusion 

7. The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure. Larsen in US PGPub No. 2003/0154397 discloses a method and apparatus for 
implementing process-based security in a computer system. 

8. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as 
set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the mailing date 
of this final action. 

9. Any inquiry concerning this communication or earlier communications from the examiner 
should be directed to Laurel Lashley whose telephone number is 571-272-0693. The examiner 
can normally be reached on Monday - Thursday, alt Fridays btw 7:30 am & 5 pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron, Jr. can be reached on 571-272-3799. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private 
PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you 
would like assistance from a USPTO Customer Service Representative or access to the 
automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

Laurel Lashley 